SUBSTACK has disclosed a data breach after a hacker leaked what they claim to be Substack user data, with the hacker saying nearly 700,000 records were obtained, including names, email addresses, phone numbers, profile pictures, user IDs and bios.
The company said the incident occurred in October 2025 but was only discovered on 3 February when it found “evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission”, and it has since begun notifying affected users. The notification, signed by Substack CEO Chris Best, states that passwords, payment card numbers, and other financial information were not exposed.
SecurityWeek reports that the hacker described the attack as “noisy” and said they scraped the data, leading Substack to implement mitigations; Substack has not found evidence of misuse of the compromised data, according to the post. Substack has roughly 35 million subscribers. According to SecurityWeek.